Zero Day: 700 Instances of Self-Hosted Git Service Exploited

Mathew J. Schwartz • December 11, 2025

An attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self-hosting, warned researchers. At least 700 internet-exposed servers running Gogs shows signs of being infected with command-and-control malware; no patch is yet available.

Black Hat

Marketing and Compliance Software Vendor to Banks Breached

Latest

Finance & Banking

Russian Ring Using Ex-Immigrant Data to Fuel Fake ID Sales

Suparna Goswami • December 11, 2025

A Russian darknet marketplace is exploiting a major blind spot for U.S. financial institutions by trafficking in the identities of former legal immigrants. Telegram-based group Karma Fullz has built a profitable criminal enterprise with highly convincing synthetic identities.

Blockchain & Cryptocurrency

Cryptohack Roundup: Android Chips Hot Wallet Attack

Rashmi Ramesh • December 11, 2025

This week, Ledger flagged physical attack risks to Android hot wallets, a 700M euro fraud network was dismantled, a suspect in the $243M Genesis theft was reportedly detained and a member of a $263M crypto scam pleaded guilty. Two men arrested in a Vienna crypto-linked killing.

Advanced SOC Operations / CSOC

Harness Nets $240M at $5.5B Valuation to Advance DevSecOps

Michael Novinson • December 11, 2025

With $200 million in Series E funding and a new $5.5 billion valuation, Harness will scale its AI-powered platform for security, compliance and reliability in software development. The investment will support R&D into AI agents, testing, cost optimization and security for AI workloads.

Artificial Intelligence & Machine Learning

New York City CTO Shares Blueprint for Lasting AI Governance

Jennifer Lawinski • December 10, 2025

New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani's plans for using artificial intelligence, the city's AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told attendees at The AI Summit in Manhattan on Wednesday.

Artificial Intelligence & Machine Learning

It's Time to Rethink the Centralized SIEM Model

Rahul Neel Mani • December 10, 2025

Threat detection systems have traditionally aggregated telemetry into a single repository, but that model can no longer keep pace with the scale, cost and diversity of enterprise security data, said Eli Rozen, co-founder and CTO at Vega.

Data Breach Notification

Drug R&D Firm Facing Costs, Lawsuits in Alleged Qilin Attack

Marianne Kolbasuk McGee • December 10, 2025

Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.

Agentic AI

BNY Partners With Google on Financial Services AI Platform

Jennifer Lawinski • December 10, 2025

BNY is integrating Google Cloud's Gemini Enterprise agentic artificial intelligence platform into its proprietary enterprise AI platform, Eliza. The move represents an evolution from AI as a pilot project to AI as infrastructure for the global financial services organization.

AI-Based Attacks

Experience Really Matters - But Now You're Fighting AI Hacks

Brandy Harris • December 10, 2025

AI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

Endpoint Security

The Unseen Threat: DNA as Malware

Maryam Shoraka • December 10, 2025

Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.

Agentic AI

AI Agents Drive Faster, Smarter Vulnerability Exploits

Rahul Neel Mani • December 9, 2025

AI-generated code expands the attack surface as attackers use autonomous agents to find and exploit flaws in hours. Snir Havdala, co-founder and chief product officer at Zafran Security, said attackers build specialized agents that handle reconnaissance, exploitation and rapid adaptation.

AI-Based Attacks

AI Is Driving a Shift in Targeted Email Attacks

Rahul Neel Mani • December 9, 2025

Cybercriminals are using AI to craft tailored email-based attacks that bypass traditional defenses. This shift to targeted email compromise and rising volumes of sophisticated tactics have placed new pressure on organizations, says Neal Bradbury, chief product officer at Barracuda.

Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks

Marianne Kolbasuk McGee • December 9, 2025

Two specialty healthcare providers - a Florida-based firm that provides hospice services in several states and a Pennsylvania-based eye care practice - are notifying nearly 520,000 people that their sensitive health information was compromised in separate hacking incidents.